A Multi-Dimensional Approach to Insider Threat
This is Dave Mundie, senior member of the technical staff in the CERT Division.
Previous SEI blog posts ("Protecting Against Insider Threats with Enterprise Architecture Patterns" and "Effectiveness of a Pattern for Preventing Theft by Insiders") have described the pattern language for insider threat that my colleague Andrew Moore and I have been developing. This pattern language consists of 26 mitigation patterns derived from the examination of more than 700 insider threat cases in our database. The goal of our research is to help organizations balance the cost of security controls with the risk of insider compromise.
My most recent blog post is the third installment in the series, and describes our efforts to organize our pattern language in a way that makes it as usable as possible. I discuss our explorations into categorization and classification systems, and outline our rationale for moving away from a rigid, top-down, linear hierarchical categorization system. Please read the post, and let me know if you have comments or suggestions.